| 15 Jun 2021 |
|  Mic92 (Old) joined the room. | 03:52:09 |
| Mic92 (Old) | colemickens 🏳️🌈: I use kata-containers just to manage a systems programming course as a safer sandbox for github classroom tests, where I can give people also root privileges. | 03:56:06 |
 colemickens | oh so are you actually running k3s -> kata then? | 05:02:15 |
| colemickens | or what are you orchestrating containerd with? | 05:02:30 |
| colemickens | I'm guessing that's a yes; looks like you disable k3s->docker so it probably just looks for the containerd socket | 05:03:27 |
| Mic92 (Old) | @colemickens: right. I have a custom kubernetes controller that spawns pods for each ci build and my ci builds are marked as untrusted so that containerd spawns them in VMs | 06:38:43 |
| colemickens | what does you controller integrate with? can I see it? | 07:13:31 |
| Mic92 (Old) | colemickens: I am using https://github.com/actions-runner-controller/actions-runner-controller I mainly followed the installation instructions there. Not in a public repo right now. Anything you are interested in specifically? | 07:15:05 |
| colemickens | ah, no, you come up with solutions that I often learn from. I think I can imagine how to piece that together with a k3s+kata setup enough, that answers my curiosity. | 07:15:59 |
| Mic92 (Old) | I tried to stick to something borring here as I will hand of the infrastructure to other people not so familiar. Therefore I am also interested in getting some basic kata setup into nixos itself. | 07:18:35 |
| colemickens | I want to at least spend a bit more time trying to build the images, not sure I can commit to upstreaming unless I find myself using it beyond tinkering. | 07:19:38 |
| Mic92 (Old) | How much does this agent depends on is userspace? | 07:20:24 |
| Mic92 (Old) | Is is more or less self-sufficient? | 07:20:36 |
| colemickens | It's meant to be able to run as pid 1 itself, so I think very little. | 07:20:53 |
| Mic92 (Old) | Because right now I would just stick to the pre-build images until I got a better understanding. | 07:20:56 |
| colemickens | well, I should be more clear, it can be run as pid 1, and will behave accordingly. | 07:21:26 |
| colemickens | IIRC I even got the agent starting up, it was just failing to do some cgroups setup at pod-start-time | 07:21:49 |
| colemickens | someone in the Kata Slack gave a suggestion and wants to help me, I just need to take a day | 07:22:04 |
| Mic92 (Old) | colemickens: do you do cgroupv2 or v1? | 07:22:13 |
| Mic92 (Old) | kata has problems with cgroupv2 on the host | 07:22:24 |
| Mic92 (Old) | I had to disable it | 07:22:28 |
| colemickens | on the host? | 07:22:35 |
| colemickens | hm | 07:22:38 |
| Mic92 (Old) | The host running the vm | 07:22:46 |
| colemickens | I am pretty sure I'm on cgroupsv2 yes, I hadn't quite noticed that | 07:22:57 |
| colemickens | its been a couple weeks though... | 07:23:18 |
| Mic92 (Old) | You will see it breaks container that run for longer. | 07:23:20 |
| Mic92 (Old) | The hello-world container works | 07:23:33 |
| Mic92 (Old) | but not a busybox one that is interactive | 07:23:40 |
| Mic92 (Old) | At least in the released version of kata-containers | 07:23:52 |
